Hello,
I had a relatively quick look at trinity. It seems to me that it currently
only has support for a few ioctls, right?

I am thinking about how hard it would be to automatically determine ioctls
for arbitrary devices. I coded a little PoC:

http://git.thejh.net/?p=moctel.git;a=summary

Run "make", load the kernel module. Then determine the ioctl handler's name
for a given device or so like this:

$ sudo ./show_ioctl /dev/xconsole
pipe_ioctl
$ sudo ./show_ioctl /dev/kvm
kvm_dev_ioctl
$ sudo ./show_ioctl /dev/fuse

$ sudo ./show_ioctl /dev/btrfs-control 
btrfs_control_ioctl
$ sudo ./show_ioctl /root
ext4_ioctl

So far, it is fairly straightforward. Knowing the handler method's name, you
could then try to find the valid ioctls under the assumption that some generic
patterns are followed:

$ grep -R -n '^[^ ].*btrfs_control_ioctl' fs | grep '\.c:[0-9]*:\S'
fs/btrfs/super.c:1477:static long btrfs_control_ioctl(struct file *file, unsigned int cmd,
$ tail -n +1477 fs/btrfs/super.c | grep -n '^}' | head -n 1
31:}
$ tail -n +1477 fs/btrfs/super.c | head -n 31 | grep 'case .*:' | sed 's|^.*case \(.*\):$|\1|g'
BTRFS_IOC_SCAN_DEV
BTRFS_IOC_DEVICES_READY
$ cat fs/btrfs/super.c > /tmp/a.c
$ echo 'int main(void){printf("%x %x\n", (unsigned)BTRFS_IOC_SCAN_DEV, (unsigned)BTRFS_IOC_DEVICES_READY);}' >> /tmp/a.c
$ gcc -nostdinc -I arch/x86/include -I arch/x86/include/asm -I arch/x86/include/generated -I include -D __KERNEL__ -D CONFIG_X86_X32_ABI -D CONFIG_AS_CFI=1 -D CONFIG_AS_CFI_SIGNAL_FRAME=1 -D CONFIG_AS_CFI_SECTIONS=1 -D CONFIG_AS_FXSAVEQ=1 -D CONFIG_AS_AVX=1 -D CC_HAVE_ASM_GOTO -D 'KBUILD_STR(s)=#s' -D KBUILD_BASENAME='KBUILD_STR(calibrate)' -D KBUILD_MODNAME='KBUILD_STR(calibrate)' -isystem /usr/lib/gcc/x86_64-linux-gnu/4.7/include -include include/linux/kconfig.h -I fs/btrfs/ /tmp/a.c -o /tmp/a -Wl,--unresolved-symbols=ignore-all
/tmp/a.c: In function ‘main’:
/tmp/a.c:1673:16: warning: incompatible implicit declaration of built-in function ‘printf’ [enabled by default]
$ /tmp/a
50009404 90009427

Obviously, this won't always work because it heavily relies on assumptions and
conventions, but maybe it would be possible to automatically extract valid
ioctls from the kernel source this way at least in some cases?

What do you think, is this a good idea?

Jann
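To make the two numbers that the compile-and-print step above produces readable, here is an added C example (not part of the post, trinity or moctel) that splits a Linux ioctl command into its `_IOC(dir, type, nr, size)` fields using the generic `asm-generic/ioctl.h` layout; the `ioc_fields` struct and the `ioc_decode`/`ioc_encode` names are this example's own, and the two sample values are the ones printed for `/dev/btrfs-control` in the post.

```c
/* Decode/encode Linux ioctl command numbers (added example, not from the post).
 * Generic layout (x86 and most arches): nr:8 | type:8 | size:14 | dir:2.
 * Alpha, MIPS, PowerPC and SPARC use different widths and dir values, so a
 * number taken from one of those kernels must not be decoded with this table. */
#include <stdio.h>
#include <stdint.h>

#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_DIRBITS   2
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)     /* 8  */
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS) /* 16 */
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS) /* 30 */

enum { IOC_NONE = 0, IOC_WRITE = 1, IOC_READ = 2 }; /* dir bits; READ|WRITE = 3 */

struct ioc_fields { unsigned dir, type, nr, size; };

/* Split a command word into its four fields (same masks the kernel uses). */
struct ioc_fields ioc_decode(uint32_t cmd) {
    struct ioc_fields f;
    f.dir  = (cmd >> IOC_DIRSHIFT)  & ((1u << IOC_DIRBITS)  - 1);
    f.type = (cmd >> IOC_TYPESHIFT) & ((1u << IOC_TYPEBITS) - 1);
    f.nr   = (cmd >> IOC_NRSHIFT)   & ((1u << IOC_NRBITS)   - 1);
    f.size = (cmd >> IOC_SIZESHIFT) & ((1u << IOC_SIZEBITS) - 1);
    return f;
}

/* Inverse of ioc_decode; equivalent to the kernel's _IOC() macro. */
uint32_t ioc_encode(unsigned dir, unsigned type, unsigned nr, unsigned size) {
    return ((uint32_t)dir << IOC_DIRSHIFT) | ((uint32_t)type << IOC_TYPESHIFT) |
           ((uint32_t)nr << IOC_NRSHIFT)   | ((uint32_t)size << IOC_SIZESHIFT);
}

int main(void) {
    /* The two values the post obtained for btrfs-control (constructed input list). */
    const uint32_t cmds[] = { 0x50009404u, 0x90009427u };
    static const char *dirs[] = { "NONE", "W", "R", "RW" };
    for (unsigned i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        struct ioc_fields f = ioc_decode(cmds[i]);
        /* type 0x94 is the btrfs ioctl magic; size 0x1000 is a 4 KiB argument struct */
        printf("0x%08x: dir=%-4s type=0x%02x nr=%u size=%u\n",
               cmds[i], dirs[f.dir], f.type, f.nr, f.size);
    }
    return 0;
}
```

A fuzzer that knows the `size` field can allocate an argument buffer of exactly that length, and the `dir` bits tell it whether the kernel will read from or write to that buffer.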
